Static and Dynamic Code Analysis
Application Security Engineers
Secure coding practices for three million lines of code.
Our client, whose software is used in highly regulated industries, lacked the ability to evaluate its source code for vulnerabilities. Two large applications with different secure software development requirements needed evaluation. In each case we needed to identify and support remediation of vulnerabilities prior to release. Application 1 included 1.7 million lines of code of C#, .NET, 45k lines of VB and required daily reviews. Application 2 had more than two million lines of code. Each application needed to be reviewed three times per year.
Our team integrated with each application’s build process, scaling with customer requirements. Our process includes the following steps:
- Results are analyzed and triaged based on priority and category (false positive, poor practice, valid finding)
- Remediation steps are added to the development pipeline
As a result of our solution, our client is able to deliver third party vetted and analyzed software that is developed secure at time of creation, reducing costly reengineering once released in production, enhancing customer satisfaction and end users trust by reducing vulnerabilities.